CVE-2024-42393

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:hp:instantos::::::::
	cpe:2.3:o:hp:instantos::::::::

History

No history.

Information

Published : 2024-08-06 19:15

Updated : 2024-08-12 18:22

NVD link : CVE-2024-42393

Mitre link : CVE-2024-42393

CVE.ORG link : CVE-2024-42393

JSON object : View

Products Affected

arubanetworks

arubaos

hp

instantos

CWE

CWE-787

Out-of-bounds Write

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2024-42393", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-alert@hpe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-08-06T19:15:56.640", "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04678en_us&docLocale=en_US", "tags": ["Vendor Advisory"], "source": "security-alert@hpe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise."}, {"lang": "es", "value": "Existen vulnerabilidades en el Soft AP Daemon Service que podr\u00edan permitir que un actor de amenazas ejecute un ataque RCE no autenticado. Una explotaci\u00f3n exitosa podr\u00eda permitir a un atacante ejecutar comandos arbitrarios en el sistema operativo subyacente, lo que podr\u00eda comprometer completamente el sistema."}], "lastModified": "2024-08-12T18:22:45.023", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "342197F7-9F17-4EED-9EEF-A5B1BB688234", "versionEndExcluding": "10.4.1.4", "versionStartIncluding": "10.3.0.0"}, {"criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A600ADA-377E-400A-A409-C1D4CEE86286", "versionEndExcluding": "10.6.0.1", "versionStartIncluding": "10.5.0.0"}, {"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "661E77B0-1019-42EE-9DEE-9120E1E6CA81", "versionEndExcluding": "8.10.0.13", "versionStartIncluding": "6.4.0.0"}, {"criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD98FE10-885C-4631-B68B-34E8CC227A59", "versionEndExcluding": "8.12.0.2", "versionStartIncluding": "8.12.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-alert@hpe.com"}